Vulnerability Scanning
What is Vulnerability Scanning?
Vulnerability Scanning: Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
Vulnerability scanning uses tools such as Nessus, Qualys, Tenable, OpenVAS, or cloud-native scanners to fingerprint assets and compare detected software, configurations, and exposures against vulnerability databases (CVE/NVD) and benchmarks (CIS, DISA STIG). Scans can be authenticated (run with credentials, which gives a more accurate inventory) or unauthenticated, agent-based or network-based, and may run continuously or on a schedule. Results require triage: removing false positives (for example, version-banner matches where the vendor has backported the fix), enriching findings with exploitability and asset context, and feeding the remainder into remediation. Scanning is one input to a broader vulnerability management program; on its own it does not prove exploitability.
● Examples
- 01: An authenticated weekly scan of Linux servers that detects missing kernel patches.
- 02: A container image scan in the CI pipeline blocking builds with critical CVEs.
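As an added illustration of the match-then-triage flow described in the definition above, and of the CI gate in example 02, the following Python model is not code from any of the scanners named on this page. It reduces a scanner to its core: an inventory (as a credentialed scan would collect it) is compared against a database keyed on affected version ranges, the raw findings are triaged with exploitability and asset context, and a gate decides whether a build would be blocked. Every package name, version, "fixed-in" boundary and CVE-style identifier here is constructed sample data, not a real vulnerability.

```python
"""Minimal version-matching vulnerability scanner (added example, not a real tool).

Models the core of what Nessus/OpenVAS-style scanners do after fingerprinting:
compare an asset's software inventory against a vulnerability database keyed
on affected version ranges, then triage the raw findings with asset context.
All package names, versions and CVE-style ids below are CONSTRUCTED sample data.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Turn '7.64' into (7, 64) so comparisons are numeric, not lexical
    (a lexical compare would wrongly rank '7.8' above '7.64')."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str
    package: str
    fixed_in: str        # first version that is NOT affected
    severity: str        # CRITICAL / HIGH / MEDIUM / LOW
    exploit_known: bool  # public exploit exists (enrichment source)


@dataclass
class Finding:
    vuln_id: str
    package: str
    installed: str
    severity: str
    priority: str = ""   # filled in by triage()


# Constructed vulnerability database; the ids are placeholders, not real CVEs.
VULN_DB = [
    VulnRecord("CVE-0000-0001", "openssl", "1.1.1", "HIGH", True),
    VulnRecord("CVE-0000-0002", "bash", "5.1", "CRITICAL", False),
    VulnRecord("CVE-0000-0003", "curl", "7.80", "MEDIUM", False),
]

# Constructed inventories: one Linux server (authenticated scan) and one
# container image about to pass through a CI gate.
SERVER_INVENTORY = {"openssl": "1.0.2", "bash": "5.2", "curl": "7.64", "nginx": "1.18"}
IMAGE_INVENTORY = {"bash": "5.0", "curl": "7.88"}


def scan(inventory: dict, db: list) -> list:
    """Raw matching step: flag every installed package older than its fix."""
    findings = []
    for rec in db:
        installed = inventory.get(rec.package)
        if installed is None:
            continue  # package not present on the asset -> nothing to report
        if parse_version(installed) < parse_version(rec.fixed_in):
            findings.append(Finding(rec.vuln_id, rec.package, installed, rec.severity))
    return findings


def triage(findings: list, db: list, internet_exposed: bool,
           suppressions: frozenset = frozenset()) -> list:
    """Triage step: drop known false positives (e.g. vendor-backported fixes
    recorded as (package, vuln_id)), then assign a priority from severity,
    public exploit availability and the asset's exposure."""
    by_id = {r.vuln_id: r for r in db}
    kept = []
    for f in findings:
        if (f.package, f.vuln_id) in suppressions:
            continue
        exploit = by_id[f.vuln_id].exploit_known
        if f.severity in ("CRITICAL", "HIGH") and (exploit or internet_exposed):
            f.priority = "P1"
        elif f.severity in ("CRITICAL", "HIGH"):
            f.priority = "P2"
        else:
            f.priority = "P3"
        kept.append(f)
    return kept


def ci_gate(findings: list, block_on: tuple = ("CRITICAL",)) -> bool:
    """Container-image gate: True means the build should be blocked."""
    return any(f.severity in block_on for f in findings)


if __name__ == "__main__":
    server = triage(scan(SERVER_INVENTORY, VULN_DB), VULN_DB, internet_exposed=False)
    for f in server:
        print(f"{f.priority} {f.vuln_id} {f.package} {f.installed} ({f.severity})")
    image = scan(IMAGE_INVENTORY, VULN_DB)
    print("block build:", ci_gate(image))
```

The suppression set stands in for the analyst's false-positive list: a distribution that backports a fix without bumping the version string will keep tripping a version-based match, which is exactly the kind of result the definition says must be removed before findings reach remediation. Note too that the gate reasons only over scanner severity; it does not prove that anything it blocks is actually exploitable in that image.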
● Frequently asked questions
What is Vulnerability Scanning?
Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses. It belongs to the Defense & Operations category of cybersecurity.
What does Vulnerability Scanning mean?
Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
How do you defend against Vulnerability Scanning?
Defences for Vulnerability Scanning typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Vulnerability Scanning?
Common alternative names include: Vuln scanning, Automated vulnerability scan.